[GeoNode-devel] GeoNode generic roles permissions migration

Francesco Bartoli xbartolone at gmail.com
Fri Jun 5 04:42:52 PDT 2015 

Hi Paolo,

Il giorno 05/giu/2015, alle ore 12:42, Paolo Corti <pcorti at gmail.com> ha scritto:

> Hi
> 
> I am working on a procedure that should be able to migrate any GeoNode
> instance from 2.0 to 2.4 (starting from this work that was done by the
> NEPA geonode people:
> https://github.com/DOE-NEPA/geonode_2.0_to_2.4_migration). I am almost
> ready (I will soon send a PR with the code so that this could be
> beneficial for others that need to do this migration), except that I
> need to figure out how to proceed with permissions migration.
> 
> In GeoNode 2.0 for generic roles we have the following situtations:
> 
> 1) anonymous - Read Only: every user can view/download
> 2) authenticated - Read Only: every authenticated user can view/download
> 3) authenticated - Read/Write: every authenticated user can view/download/edit
> 
> for 1) we can set the following two permissions in guardian ("anyone"
> is a user):
> 
> * anyone can view
> * anyone can download
> 
> for 2) and 3) we would need to add respectively two (can view, can
> download) or six (can view, can download, can edit, can edit metadata,
> can edit styles, can manage) record/s for each different GeoNode user.
> If the combination of user and resource base is large (as in my case),
> this will translate in a very large number of records loaded in the
> guardian table.
> 
> Is it acceptable in your opinion if for the migration purpose I create
> a group named 'authenticated' by code and assign all of the users to
> it, and then proceed with the permission migration assigning the
> permission for a resource just to the group in case of 2/3? Do you
> think there is a better approach?
> 
> I was considering if it would make sense to have this 'authenticated'
> group created by default in geonode. This would mean to add a signal
> to assign every freshly created user by default to that group.

Makes sense IMHO and does fit into the “notMember” role for group authorization described in this issue #2164

> 
> ideas?
> cheers
> 
> -- 
> Paolo Corti
> Geospatial software developer
> web: http://www.paolocorti.net
> twitter: @capooti
> skype: capooti
> _______________________________________________
> geonode-devel mailing list
> geonode-devel at lists.osgeo.org
> http://lists.osgeo.org/cgi-bin/mailman/listinfo/geonode-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-devel/attachments/20150605/a39e6e0d/attachment-0001.html>

More information about the geonode-devel mailing list